[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: %q with truncating size loses safeness of %q
From: |
Sam Liddicott |
Subject: |
Re: %q with truncating size loses safeness of %q |
Date: |
Fri, 17 Apr 2020 21:38:56 +0100 |
So is it to be "fixed" in the documentation with a warning that
truncating-size specifiers for %q may nullify the safety benefits for which
it is used?
Sam
On Fri, 17 Apr 2020, 21:12 Chet Ramey, <chet.ramey@case.edu> wrote:
> On 4/17/20 10:22 AM, Sam Liddicott wrote:
>
> > Bash Version: 4.4
> > Patch Level: 20
> > Release Status: release
> >
> > Also occurs on 5.0.7(1)-release
> >
> > Description:
> > printf %q with a truncating size will emit partially escaped
> > sequence thus losing the safety and composability that %q
> > is intended to provide.
> >
> > Repeat-By:
> > $ printf 'echo %.2q%q\n' "a'b" ';ls'
> > echo a\\;ls
> > The semi-colon is no longer escaped, the expectation of
> > the %q formatter is lost
>
> I would say this is a programmer error. The way precisions work with
> string arguments is that the argument is fetched or generated (this
> includes generating the quoted string for %q or the expanded string for
> %b) and then printf writes number of bytes (!) from that generated string
> specified by the precision.
>
> Chet
>
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
> ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/
>